<?php

class session
{

   public static function startSession($PHPSESSID = NULL)
   {
      if (!empty($PHPSESSID))
      {
         session_id($PHPSESSID);
      }
      session_start();
      
      # CHECK IF USER HAS ACTIVE SESSION
      if(self::user())
      {
         # CHECK SESSION BY IP
         if(self::getVar('user_ip') != md5(get_ip()))
         {
            self::logout();
            return FALSE;
         }
         
         # CHECK SESSION BY TIMEOUT
         if(self::getVar('authorization_timeout'))
         {
            if(self::getVar('authorization_timeout') < time())
            {
               self::logout();
               return FALSE;
            } else
            {
               self::setVar('authorization_timeout', time() + self::getVar('authorization_live'));
            }
         }
      }
   }
   
   public static function id()
   {
      return session_id();
   }

   /**
    * Read variable from session
    *
    * @param string $var - variable name
    * @return mixed
    */
   public static function getVar($var)
   {
      if (isset($_SESSION[$var]))
         return $_SESSION[$var];
      return FALSE;
   }

   /**
    * Write wariable into session
    *
    * @param string $name - variable name
    * @param mixed $value - value of variable to be written
    * @return TRUE
    */
   public static function setVar($name, $value)
   {
      $_SESSION[$name] = $value;
      return TRUE;
   }

   /**
    * Delete variable from session
    *
    * @param string $var - variable name
    * @return bool
    */
   public static function removeVar($var)
   {
      unset($_SESSION[$var]);
   }

   /**
    * Close session
    */
   public static function closeSession()
   {
      session_destroy();
   }

   /**
    * Close current session, and open new
    */
   public static function resetSession()
   {
      self::closeSession();
      self::startSession();
   }


   public static function authorize($login, $password, $remember = false, $redirect = true)
   {
      self::logout();
      
      $_U = new user();
      $_U->authorize($login, $password);

      if($_U->id)
      {
         self::makeAuthorized($_U);
         if($redirect) self::redirect();
      }
   }
   
   public static function makeAuthorized($user)
   {
      self::setVar('user_ip', md5(get_ip()));
      self::setVar('user', $user);

      if(config::read('live', 'auth'))
      {
         self::setVar('authorization_timeout', time() + config::read('live', 'auth'));
         self::setVar('authorization_live', config::read('live', 'auth'));
      }
   }
   
   public static function logout()
   {
      session::removeVar('user');
      session::resetSession();
   }
   
   
   public static function redirect($destination = '')
   {
      if ($destination == '')
         $destination = $_SERVER['HTTP_REFERER'];
      header("Location: " . $destination);
      exit();
   }
   
   
   /**
    * Get currently authorized user
    * 
    * @return object 
    */
   public static function user($attr = NULL)
   {
      if(self::getVar('user'))
      {
         $_U = self::getVar('user');
         if($attr)
         {
            return $_U->{$attr};
         }
         
         return $_U;
      }
      
      return FALSE;
   }
}